Side effects:
• Downloads a malicious file
• Makes use of software vulnerability

Files

It tries to download some files:

– The location is the following:
• http://down.erhaha2.cn/**********/a1.css
It is saved on the local hard drive under: c:/Program Files/Outlook Express/wab.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too.
Detected as: TR/Crypt.XDR.Gen

– The location is the following:
• http://down.erhaha2.cn/**********/a1.css
It is saved on the local hard drive under: d:/Program Files/Outlook Express/wab.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too.
Detected as: TR/Crypt.XDR.Gen

– The location is the following:
• http://down.erhaha2.cn/**********/a1.css
It is saved on the local hard drive under: e:/Program Files/Outlook Express/wab.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too.
Detected as: TR/Crypt.XDR.Gen

Description inserted by Thomas Wegele on Friday, December 19, 2008
Description updated by Thomas Wegele on Friday, December 19, 2008